The present invention relates to control of a local device from a remote processor and, more particularly, to a method of controlling a device connected to a local processor, which is coupled to a remote processor across a computer network, where a firewall is operatively interposed between the local processor and the computer network.
Computer data processing systems often include a group of peripheral devices, such as printers, connected to a processor or server, in a local area network (LAN). Software running on the processor allows an operator to configure operating parameters and monitor the performance of all of the locally connected peripherals.
In general, as features and conveniences offered by a computer system are enhanced, the software controlling the system becomes increasingly sophisticated and complex. Installation and troubleshooting of the system often requires specialized knowledge of the system and the peripherals. When confronted with a problem, the operator of the system often must obtain assistance from technical support personnel having this specialized knowledge.
An operator initially seeking assistance typically places a telephone call to a service center and speaks with a technical support representative. The representative first obtains information from the operator regarding the configuration of the particular system at issue, and thereafter guides the operator through an installation or troubleshooting procedure.
Technical support by telephone is almost always time consuming and expensive. It requires the resources of the operator and technical representative, and often involves a long distance telephone call. To be successful, both the operator and the representative must be capable of engaging in a prolonged dialogue and exchanging technical information and directions. This arrangement is susceptible to errors brought on by poor communication or inadequate training of the operator or representative. Even under the best of circumstances, there is no guarantee of success. An unsuccessful session of technical support by telephone can leave the operator with feelings ranging from annoyance to complete frustration, and tarnish the image of the vendor providing the support.
Technical service is improved when the representative has first hand access to the system at issue. This can be achieved by traveling to the site where the system is installed, but necessarily incurs the expense of traveling to and from the site. A preferable alternative is for the representative to have remote access to the system.
The Internet offers a channel by which remotely located computers may exchange information with one another. A first computer may send a request for information, across the Internet, to a second computer. The second computer then responds with a message that includes the desired information.
For purposes of security and system integrity, many organizations install firewalls that restrict the exchange of information with computers outside of the organization. A firewall is interposed between a local computer system and the Internet to block undesired incoming requests and information. Consequently, a local computer system that is protected by a firewall cannot be unconditionally accessed from a remote location.
Referring to FIG. 1, a local computer 50 and a remote computer 70 are coupled across the Internet 65. A proxy machine 60 is operatively interposed between local computer 50 and the Internet 65.
Proxy machine 60 interfaces with the Internet 65 on behalf of local computer 50, and routes messages from the Internet 65 to local computer 50 only when authorized to do so. By way of example, local computer 50 initiates communication with remote computer 70 by sending a request 75, via proxy machine 60, to remote computer 70. Request 75 includes proxy information in a hypertext transfer protocol (HTTP) header that authorizes proxy machine 60 to route a message from remote computer 70 to local computer 50. Subsequently, remote computer 70 sends a response 80, which proxy machine 60 routes to local computer 50.
Proxy machine 60 serves as a firewall to protect the integrity of local computer 50 by preventing unauthorized messages from being routed to local computer 50 from the Internet 65. Not only does proxy machine 60 block unauthorized incoming data, but it also blocks unauthorized incoming requests that would otherwise interrogate local computer 50. Consequently, remote computer 70 cannot unconditionally write data to, or read data from local computer 50.
Since local computer 50 must authorize proxy machine 60 to accept incoming messages on a per message basis, each message from remote computer 70 to local computer 50 must be initiated by local computer 50. In a situation where several messages are exchanged, a pattern of requests and responses is necessary. Local computer 50 sends a request 75, receives a response 76, sends a request 77, receives a response 78, sends a request 79, receives a response 80, etc. In the general case, local computer 50 sends requests to, and receives responses from, remote computer 70.
There is a need for a technical support representative to manage a computer system from which the representative is remotely located. Through remote access, the representative can configure, monitor and troubleshoot the system with little or no intervention on the part of an operator at the system site. Additionally, there is a need for the representative to access a computer system that is protected by a firewall restricting the representative""s access to the computer system.
Accordingly, it is an object of the present invention to provide a method for a remote computer system to access a local computer system across the Internet, where a firewall is operatively interposed between the Internet and the local computer system.
It is another object of the present invention to provide such a method that enables a user of the remote computer system to configure peripheral devices coupled to the local computer system.
It is another object of the present invention to provide such a method that can be initiated by a command from a user of the local computer system, by a command included in an electronic mail message received from the remote computer system, or by a command generated from within a peripheral device.
It is yet another object of the present invention to provide such a system where a first message from the local computer system to the remote computer system is a request, and thereafter, messages from the remote system to the local system are requests, and messages from the local system to the remote system are responses, thus establishing a reverse HTTP connection across a firewall.
A local computer system includes a processor for controlling a group of peripheral devices in a local area network (LAN). A technical representative at a remote computer system desires access and control of the local system.
The local system is coupled to the Internet through a proxy machine that restricts the free flow of information between the Internet and the local system. The proxy machine allows a message to be routed from the Internet to the local system only when authorized to do so by a response request from the local system. When the local system desires information from a remote system, the local system issues a response request, via the proxy machine, to the remote system. Consequently, the remote system cannot unconditionally access or control the local system.
The local system initiates communication with the remote system and authorizes the proxy machine to route a message from the remote system to the local system. The message from the remote system indicates commands for controlling peripheral devices connected to the local system. The local system executes the commands as indicated. The remote processor thereby indirectly controls the peripheral devices.
The message from the remote system may include a command for the local system to send information to the remote system. If so, the local system responds by sending the information, and again, authorizing the proxy machine to route a message from the remote system to the local system. The remote system retains control of the local peripheral devices by including, in each message to the local system, a command for the local system to send information to the remote system.